Innovating quickly to provide outstanding customer experiences is increasingly distinguishing organisations, but the technology teams in charge of this — security, IT, and developers – must be aligned with these aims in order to deliver. However, security is still regarded as a barrier in organisations, with 61% of IT teams and 52% of developers feeling that security regulations stifle their creativity. These are the most recent findings from a research conducted by VMware, Inc. on the connection between IT, security, and development teams.
Only one in five (22 percent) developers strongly agree that they understand which security policies they are expected to follow, according to a Forrester Consulting study titled “Bridging the Developer and Security Divide.” The study surveyed 1,475 IT and security leaders and found that only one in five (22 percent) developers strongly agree that they understand which security policies they are expected to follow. Surprisingly, more than a quarter (27%) of those polled are not involved in any way in security policy decisions, despite the fact that many of these have a significant impact on their jobs. Organizations with a positive relationship between security and development teams can speed up the software development lifecycle by five business days compared to those without, highlighting how speed to market and competitive advantage are at stake here.
The data show that team priorities aren’t always aligned with customers, with IT and security teams ranking operational efficiency as their top priority (52%), while developers prioritise improving the user experience (50 percent ). Meanwhile, for IT (43 percent) and security, increasing the user experience ranked fourth (40 percent ). Preventing security breaches is the second most important responsibility for more than half of security teams (51 percent). Increased silos and limited communication between teams (60 percent), a higher risk of security breaches (57 percent), and a slower delivery of new apps have all been observed in these teams that are challenging to align (40 percent ).
“Our research shows that security needs a perception shift,” said Rick McElroy, principal cybersecurity strategist, VMware.
Further said, “Rather than be seen as the team that only swoops in to fix breaches and leaks, or who ‘gets in the way’ of innovation, security should be embedded across people, processes, and technologies. Security needs to be a team sport that works alongside IT and developers to ensure protection across clouds, apps and all digital infrastructure. We have to develop a culture where all teams have shared interests and common goals or metrics, and where they speak one language. There’s overwhelming value to the business when IT, security, and developers are all part of the decision making, design, and execution.”
The good news is that shared team priorities and involvement are being recognised as the path ahead. More than half of respondents (53%) believe security and development teams will be merged in two to three years. In the next two to three years, 42 percent expect security to become more embedded in the development process, and there is a broader recognition that cross-team alignment enables businesses to reduce team silos (71 percent), create more secure applications (70 percent), and increase agility to adopt new workflows and technologies (66 percent ).
“The findings of the research fit closely with what we see in the Middle East and North Africa,” said Ahmed Saadi, Regional Director of Sales, Middle East, Turkey, Africa, VMware.
“For many organizations, a lack of collaboration between IT, security and development teams leads to challenges that slow development and hinder security. It’s imperative that teams adopt a collaborative approach from the outset, pull in the same direction, and ensure that security is embraced as an intrinsic part of their IT and development procedures,” added Ahmed Saadi.
